From 97b9d165e6d33dcfb4aabb9fdc5043f865333ac6 Mon Sep 17 00:00:00 2001 From: Dmitrii Stepanov Date: Tue, 21 Mar 2023 15:41:58 +0300 Subject: [PATCH] [#155] search-service: Fix search with ST Search should return only objects allowed in static session Signed-off-by: Dmitrii Stepanov --- pkg/services/object/search/exec.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/pkg/services/object/search/exec.go b/pkg/services/object/search/exec.go index a1737b521..8cc9a9a26 100644 --- a/pkg/services/object/search/exec.go +++ b/pkg/services/object/search/exec.go @@ -119,6 +119,7 @@ func (exec *execCtx) generateTraverser(cnr cid.ID) (*placement.Traverser, bool) } func (exec *execCtx) writeIDList(ids []oid.ID) { + ids = exec.filterAllowedObjectIDs(ids) err := exec.prm.writer.WriteIDs(ids) switch { @@ -134,3 +135,17 @@ func (exec *execCtx) writeIDList(ids []oid.ID) { exec.err = nil } } + +func (exec *execCtx) filterAllowedObjectIDs(objIDs []oid.ID) []oid.ID { + sessionToken := exec.prm.common.SessionToken() + if sessionToken == nil { + return objIDs + } + result := make([]oid.ID, 0, len(objIDs)) + for _, objID := range objIDs { + if sessionToken.AssertObject(objID) { + result = append(result, objID) + } + } + return result +}